FBI warns of escalating Pysa ransomware attacks on education orgs


Level 85
Thread author
Top poster
Content Creator
Malware Hunter
Aug 17, 2014
The Federal Bureau of Investigation (FBI) Cyber Division has warned system administrators and cybersecurity professionals of increased Pysa ransomware activity targeting educational institutions.

The CP-000142-MW flash alert issued by the FBI today was coordinated with DHS-CISA and it provides indicators of compromise to help guard against the malicious actions of this ransomware gang.

"Since March 2020, the FBI has become aware of PYSA ransomware attacks against US and foreign government entities, educational institutions, private companies, and the healthcare sector by unidentified cyber actors," the FBI says in the TLP:WHITE flash alert.

"FBI reporting has indicated a recent increase in PYSA ransomware targeting education institutions in 12 US states and the United Kingdom. The unidentified cyber actors have specifically targeted higher education, K-12 schools, and seminaries."

The FBI recommends not paying Pysa ransomware's ransoms since giving in to their demands will most likely fund future ransomware attacks and encourage them to target other potential victims.

However, the FBI understands the damages educational institutions face following such attacks and urges them to report the attacks as soon as possible to the local FBI field office or the Internet Crime Complaint Center (IC3), regardless of their decision to pay for a decryptor or not.

Reporting the attack will provide "critical information" like phishing emails, ransomware samples, ransom notes, and network traffic logs which could help prevent or counter future attacks, as well as identify and hold the attackers accountable for their malicious activity.